In recent years, Google has expanded the scope of Safe Browsing to Gmail on the web and third-party Android apps, while protecting against more kinds of threats. The latest update adds additional protections in the forms of user warnings against Android apps that collect user and device data without permission.

Applications that handle phone numbers, emails, and other personal data will be required to prompt users ahead of time and provide a privacy policy. Meanwhile, apps that collect and transmit data unrelated to the main functionality will have to “prominently highlight how the user data will be used and have the user provide affirmative consent for such use.”

This also extends to device data associated with analytics, crash reports, and other functions of the app:

For example, during analytics and crash reportings, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent.

Developers in both Google Play and non-Play app markets have to abide by these new guidelines on handling user data and disclosure. Those that don’t will be penalized with users seeing a warning on Google Play Protect or websites leading to the app.

Enforcement of this Unwanted Software Policy will begin in 60 days. Google is providing a number of guides for resources developers and site owners to gain compliance:

Webmasters whose sites show warnings due to distribution of these apps should refer to the Search Console for guidance on remediation and resolution of the warnings. Developers whose apps show warnings should refer to guidance in the Unwanted Software Help Center. Developers can also request an app review using this article on App verification and appeals, which contains guidance applicable to apps in both Google Play and non-Play app stores.


Check out 9to5Google on YouTube for more news:

About the Author